<?php

/* do_action.php
	Performs administrative actions
	** this version is designed for the TOP LEVEL PAGES **
	** note: this version also relies on GET instead of POST **
*/

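error_reporting(0);
session_start();
error_reporting(1);

// Administrative action dispatcher: reads "actionname" from the query string and
// runs the matching destructive operation (delete a user, post or delete a news story).
//
// Strict comparison for the admin gate: with loose ==, a non-string session value
// (for example integer 0 on PHP versions before 8) compares equal to "admin".
//
// NOTE(review): every action below changes state and is triggered by a plain GET
// request authorised only by the session cookie, so a cross-site request issued
// from an administrator's browser would be honoured. Moving these actions to POST
// with a per-session token (compared with hash_equals) needs matching changes in
// the referring pages, so it is flagged here rather than changed.
if (isset($_SESSION['level']) && $_SESSION['level'] === "admin")
{

	$site_root = "";
	require_once ($site_root . "common/PinSQL.obj");
	$pinSQL = new PinSQL();
	
	// Only accept a scalar string; "actionname[]=x" would otherwise arrive as an array.
	$action = (isset($_GET["actionname"]) && is_string($_GET["actionname"])) ? $_GET["actionname"] : "";
	
	switch ($action)
	{
			
		case 'deleteuser':
			$destUser = (isset($_GET["username"]) && is_string($_GET["username"])) ? $_GET["username"] : "";
			
			// The name is used both as a directory name for a recursive delete and
			// inside single-quoted SQL literals. Refuse anything that could leave
			// members/userData/ (path separators, "." / "..", NUL) or terminate the
			// SQL literal (single quote, backslash). Names containing a single quote
			// already produced malformed queries before this check existed.
			$unsafeName = $destUser === "." || $destUser === ".."
				|| strpbrk($destUser, "/\\'\0") !== false;
			
			if ($destUser && !$unsafeName)
			{
				// NOTE(review): GetUserID() is defined in PinSQL.obj, outside this file;
				// confirm it escapes or binds its argument itself.
				$uid = $pinSQL->GetUserID($destUser);
				
				include ($site_root . "common/delete_directory.php");
				recursive_remove_directory ($site_root . "members/userData/$destUser");
				
				// Escaped the same way the 'poststory' branch escapes its input.
				// NOTE(review): addslashes() is not charset-aware; if PinSQL exposes
				// parameter binding or a driver-level escape, prefer that.
				$sqlUser = addslashes($destUser);
				$sqlUid = addslashes((string) $uid);
				
				$pinSQL->Query("DELETE FROM memberdata WHERE id='$sqlUid'");
				$pinSQL->Query("DELETE FROM members WHERE username='$sqlUser'");
				$pinSQL->Query("DELETE FROM buzz WHERE touser='$sqlUser'");
				$pinSQL->Query("DELETE FROM messages WHERE touser='$sqlUser'");
				$pinSQL->Query("DELETE FROM picturedata WHERE artist='$sqlUser'");
				$pinSQL->Query("DELETE FROM songdata WHERE artist='$sqlUser'");
				
				header ("Location: /members/frame.php?page=viewusers");
			} elseif ($unsafeName) {
				// Nothing has been deleted at this point; the request is refused outright.
				echo "do_action.php stopped before potentially doing unwanted damage to data:";
				echo "\n<br>The supplied username contains characters that are not allowed.";
			} else {
				echo "do_action.php stopped before potentially doing unwanted damage to data:";
				echo "\n<br>No username was specified for deletion.";
				// Request data is HTML-escaped before being reflected into the page.
				echo "\n<br>Implied folder for deletion without username: " . "<b>members/userData/" . htmlspecialchars($destUser, ENT_QUOTES) . "</b>";
				echo "\n\n<p>Administrator: please fix the error in the referring page at once.";
			}
			
			break;
		
		case 'poststory':
			// Missing or non-string parameters are stored as empty strings.
			$message = addslashes((isset($_GET['message']) && is_string($_GET['message'])) ? $_GET['message'] : "");
			$title = addslashes((isset($_GET['title']) && is_string($_GET['title'])) ? $_GET['title'] : "");
			
			// NOTE(review): confirm gen_activity.php HTML-escapes title and message
			// when it renders them; they are stored here exactly as submitted.
			$pinSQL->Query("INSERT INTO activity
			(event_type, param_1, param_long)
			VALUES('new-news', '$title', '$message') ");

			include ($site_root . "gen_activity.php");
			break;
			
		case 'deletestory':
			$id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : "";
			
			// The INSERT above never supplies activity.id, so it is database-generated;
			// presumably numeric (confirm against the schema). Accepting digits only
			// keeps arbitrary request text out of the DELETE statement.
			if (preg_match('/^[0-9]+$/D', $id) === 1)
			{
				$pinSQL->Query("DELETE FROM activity WHERE id='$id'");

				include ($site_root . "gen_activity.php");
			} else {
				echo "do_action.php: no valid story id was specified for deletion.";
			}
			break;

		}
	
	 $pinSQL->Close();
	 
	 
} else {
	
	echo "You are not currently logged in as an administrator.";
}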


?>